I am currently auditing an iOS application and in this scenario I came to know that it exploited some kind of can go.
Here is the scenario: There is a plist name of a class, i.e. a this type of string is full Happened and used to do. Reclaim the matching category like this: Any ideas?

Yes, there is a risk, but as a comment in the @LonelyDeveloper, I think that At least one of your concerns with a jailbroken device is It is true that with the code, if you modify the information of an application, the application revolves around an application. Which they can do on a jailbroken phone - another sub-class of app Doing this may cause the app to work incorrectly, this is not a great way to make the app completely malicious. There should be some other defects in your app. For example, suppose that it is a banking app that caches data. The app opens with a login view controller. The Account View Controller displays sensitive information, but the app will not show you account view controller without successfully entering the password through the login view controller. With this plist loading, if plist has asked to load However, a malicious user (someone stole their phone) or installs a malicious download a tweak from Cydia, then they Therefore, this vulnerability already exists, and you have to rely on the running community, and also to inject all new types of new code, MobileSubstrate tweaks hooking. Prison Break Repo, You can adequately protect from malicious software This is the reason why I install Cydia, SBSettings, Activator, and Saurik's Unix Command Line tools originally on my jailbroken devices.

containing the UIViewController subclass name, the form of a string
    NSString *className = ...; // loaded from the plist
    UIViewController *vc = [(UIViewController *)[NSClassFromString(className) alloc] initWithNibName:className bundle:[NSBundle mainBundle]];

I'm thinking that it would be possible to tamper with plist (on the jailbreak device) and apply an arbitrary UIViewController subclass to apply.
UIViewController will load. Now, if they do everything, then it will only be a sub-class that has already in the app, or a library that the application already loads
LoginViewController, and modify the plist to specify the attacker
AccountViewController, then it is possible that Information that can be acquired should be protected. But, I seem to discover this scenario of flaws by combining .
UIViewController Can load arbitrary sub-sections, not just the wrong view controller from your app. But, it allows them to do this without plist class loading.